While migrating your infrastructure to the cloud offers an opportunity to rethink your approach to management and security, it can create a patchwork of processes and tools, a disorganized team, and duplication of work. In a few years, you may learn that the IT security team needs a unified approach to data protection and you must already overhaul your “new” setup. You thought you were speeding ahead with improved operations and lower costs, but you are actually in the security slow lane! Pull over and find a new route forward with VMware on AWS by leveraging tools you know in an environment you already understand. Save years of work by utilizing a common set of tools, operational processes, and security framework when moving to the cloud. Learn tips and tactics from Trend Micro and Capgemini for setting your teams up for success now…and tomorrow.
This was one of Trend Micro's sessions presented at VMworld 2017.
Skip the Security Slow Lane with VMware Cloud on AWS
1. Skip the Security Slow Lane with VMware Cloud on AWS
Bryan Webster, Principal Architect, Trend Micro
Dharmesh Chovatia, Capgemini
VMworld #SAI3316BUS
2. Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#SAI3316BUS CONFIDENTIAL
3. Why cloud in the first place?
4. Who’s driving this train?
• Technology budgets shifting from IT to Business Units
• Need to move code quickly from dev to production
• IT seen as reducing business speed
7. Why do we care?
• Security teams blinded to environment-specific risks
• Loss of consolidated audit and logging capabilities
• Inability to leverage targeted efficiency in teams
17. Who is Capgemini
Consistently Recognized as a Market Leader
2015
• As a Leader in the Gartner Magic Quadrant for SAP Implementation Services, Worldwide (July 2015) *See disclaimer
• In the Leaders category in The Forrester Wave™: Global Infrastructure Outsourcing Wave™, Q1 2015 (Jan 2015)
• In the Leaders category in The Forrester Wave™: Salesforce.com Implementation Partners in 2015 (June 2015)
• As a Leader in IDC MarketScape: Worldwide Application Modernization Services for Digital Transformation Vendor Assessment (Dec. 2015)
2016
• As a Leader in The Forrester Wave™: Services Providers For Next-Generation SAP Products, Q1 2016
• In the Leaders category in The Forrester Wave™: Services Providers for Next-Generation Oracle Application Projects, Q3 2016
• As a Major Player in the IDC MarketScape: Worldwide Business Analytics Consulting and Systems Integration Services 2016 Vendor Assessment (Apr 2016)
• As a Major Player in the IDC MarketScape: Worldwide Big Data Consulting and Systems Integration Services 2016 Vendor Assessment (May 2016)
• As a Major Player in the IDC MarketScape on Digital Strategy Consulting in 2016 for Worldwide, North America, EMEA and Asia Pacific (May 2016)
Diversified and Robust Financial Performance
• 2016 Revenue: $13.8 billion
• 2016 Operating Margin: $1.59 billion
• 2016 Operating Profit: $1.27 billion
Revenue by Industry (pie chart). Segments: Energy, Utilities and Chemicals; Financial Services; Public Sector; Telecom, Media & Entertainment; Consumer Products, Retail, Distribution & Transportation; Manufacturing, Automotive & Life Sciences; Others. Labelled shares: 11%, 26%, 17%, 4%, 19%, 7%, 16%.
18. Capgemini Infrastructure, Cloud and Cybersecurity Managed Services
End-to-end cloud services portfolio
• Cloud strategy and advisory
• Cloud migration and hybrid cloud managed services
• Cloud native development and integration
• Private cloud hosting and transformation
Industrialized, proven assets to accelerate timeline
• Capgemini Application Profiler
• Cloud migration factory (CMF)
• Capgemini Cloud Managed Services (CCMS)
• Infrastructure Monitoring Operations Center (IMOC™)
Comprehensive cybersecurity approach
• State-of-the-art GSOCs for security monitoring & protection
• End-to-end cybersecurity consulting
Global Presence
19. Problem we were trying to solve
• Cloud changes security monitoring and protection.
• There are no facilities to deploy a network-based IDS/IPS.
• Perimeter security is typically at L4, unless expensive security virtual appliances are deployed.
• Non-standard and non-uniform security configurations between cloud vendors.
• Workloads are scalable and variable.
• Cloud vendors provide security controls as part of the platform, and integration is often via an API.
• Cloud vendors protect the underlying infrastructure, but virtual resources are the customer’s responsibility.
Traditional Security Tiers (diagram)
20. Cloud Security Model with Trend
Responsibility stack (diagram)
Capgemini:
• Customer Data
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)
Cloud Provider:
• Compute, Storage, Networking
• Hypervisor
• Bare Metal Infrastructure
Cloud vendor built-in sectools (instance protections):
• DDoS (Distributed Denial of Service):
– Standard mitigation technique in effect
• MITM (Man in the Middle):
– API endpoints protected by SSL
• IP Spoofing:
– Prohibited at instance level
• Unauthorized Port Scanning:
– Violation of TOS
– Detected, stopped and blocked
– Inbound ports are blocked by default
• Packet Sniffing:
– Promiscuous mode is ineffective
21. Modules in Deep Security
Network Security: stop network attacks, shield vulnerable applications & servers
• Firewall
• Vulnerability Scanning
• Intrusion Prevention
Malware Prevention: stop malware & targeted attacks
• Anti-Malware
• Sandbox Analysis
• Behavioral Analysis & Machine Learning (2H/17)
System Security: lock down systems & detect suspicious activity
• Application Control
• Integrity Monitoring
• Log Inspection
24. As your digital transformation continues…
• Look for capabilities and design patterns that give you the greatest uniform visibility across the enterprise
• Enterprise transformation in the cloud is an opportunity to consolidate tooling and reduce the impact of:
– Personnel training and context switching
– Overhead on compute resources from too many agents
– Server platforms, databases, and consoles to maintain
• Build hybrid teams for hybrid infrastructure
• Transformation doesn’t have to stop at technologies
– Transform IT from the organization perceived as crushing innovation into an enabler
– Deliver capabilities to platform teams and let them focus on their business
– Leverage existing expertise to build your hybrid infrastructure
25. Always more to learn…
• …and we can’t wait to learn from all of you.
• Please come tell us about your hybrid journey at Booth #610
• See what else we’ve learned from you on the web at https://www.trendmicro.com/vmware/cloud/